Commit Graph

41987 Commits

Author SHA1 Message Date
Michal Cieslakiewicz
4bff3f392b ar71xx: WNR612v2: fix kernel panic due to wrong Wifi LED init
Netgear WNR612v2 flashed with recent OpenWrt builds suffers from kernel
panic at boot during wireless chip initialization, making device
unusable:

 ath: phy0: Ignoring endianness difference in EEPROM magic bytes.
 ath: phy0: Enable LNA combining
 CPU 0 Unable to handle kernel paging request at virtual address 1000fee1, epc == 801d08f0, ra == 801d0d90
 Oops[#1]:
 CPU: 0 PID: 469 Comm: kmodloader Not tainted 4.9.120 #0
 [ ... register dump etc ... ]
 Kernel panic - not syncing: Fatal exception
 Rebooting in 1 seconds..

This simple patch fixes above error. It keeps LED table in memory after
kernel init phase for ath9k driver to operate correctly (__initdata
removed).

Also, another bug is fixed - correct array size is provided to function
that adds platform LEDs (this device has only 1 connected to Wifi chip)
preventing code from going outside array bounds.

Fixes: 1f5ea4eae4 ("ar71xx: add correct named default wireless led by using platform leds")

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
[trimmed commit message]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-08-28 07:21:13 +02:00
Matthias Schiffer
e302272765
ar71xx/generic: enable Zyxel NBG6616 in kernel config again
The NBG6616 shares a config symbol with the NBG6716. It was accidentally
removed from the config when the ar71xx-tiny target was split off.

Fixes: 0cd5e85e7a ("ar71xx: create new ar71xx/tiny subtarget for 4MB flash devices")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit a4f4ddba61)
2018-08-27 21:39:40 +02:00
Antonio Silverio
5a07b4e7f5 mac80211: mwl8k: Expand non-DFS 5G channels
Add non-DFS 5G upper channels (149-165) besides existed 4 lower channels
(36, 40, 44, 48).

Signed-off-by: Antonio Silverio <menion@gmail.com>
2018-08-27 13:28:52 +02:00
Felix Fietkau
14580aaf81 mt76: update to the latest version
7daf962 mt7603: add survey support
980c606 mt7603: add fix for CCA signal configuration
30b8371 mt7603: fix BAR rate

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-08-25 11:10:44 +02:00
Hans Dedecker
8bb9d053eb dropbear: backport upstream fix for CVE-2018-15599
CVE description :
The recv_msg_userauth_request function in svr-auth.c in Dropbear through
2018.76 is prone to a user enumeration vulnerability because username
validity affects how fields in SSH_MSG_USERAUTH messages are handled,
a similar issue to CVE-2018-15473 in an unrelated codebase.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-24 19:17:50 +02:00
Roger Pueyo Centelles
79518b7a4b ramips: mt7620: add dir-810l network config
The device was not included in the /etc/board.d/02_network file, so
the network wouldn't be properly set up on boot.

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
2018-08-23 22:44:47 +02:00
Mathias Kresin
f1c3b5454e ramips: fix compatibles in SoC dtsi
The former used compatibles aren't defined anywhere and aren't used by
the devicetree source files including them.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-08-23 22:44:47 +02:00
Mathias Kresin
446dccc000 ramips: fix GL-MT300N-V2 SoC compatible
According to abbfcc8525 ("ramips: add support for GL-inet
GL-MT300N-V2") the board has a MediaTek MT7628AN. Change the SoC
compatible to match the used hardware.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-08-23 22:44:47 +02:00
Mathias Kresin
4ffed014a3 ramips: drop not existing groups from pinmux
RT5350 neither have rgmii nor a mdio pinmux group. MT7628an doesn't
have a jtag group. Having these groups defined might cause a boot
panic.

The pin controller fails to initialise for kernels > 4.9 if invalid
groups are used. If a subsystem references a pin controller
configuration node, it can not find this node and errors out. In worst
case it's the SPI driver which errors out and we have no root
filesystem to mount.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-08-23 22:44:47 +02:00
Mathias Kresin
6118db38b9 generic: revert workarounds for AR8337 switch
The intention of 967b6be118 ("ar8327: Add workarounds for AR8337
switch") was to remove the register fixups for AR8337. But instead they
were removed for AR8327.

The RGMII RX delay is forced even if the port is used as phy instead of
mac, which results in no package flow at least for one board.

Fixes: FS#1664

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-08-23 22:44:47 +02:00
Koen Vandeputte
82f9ef60ab kernel: bump 4.14 to 4.14.66
Refreshed all patches

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-22 13:48:04 +02:00
Koen Vandeputte
a5ccdc0f59 kernel: bump 4.9 to 4.9.123
Refreshed all patches

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-22 13:48:04 +02:00
Daniel Engberg
24984b07e8
tools/bison: Update to 3.0.5
Update bison to 3.0.5
Bugfix release
Remove 001-fix-macos-vasnprintf.patch as it is fixed upstream

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(cherry picked from commit df02e7a3c7)
2018-08-21 19:26:08 +02:00
Mathias Kresin
50dbaee55c cns3xxx: fix mtu setting with kernel 4.14
Since kernel 4.10 commit 61e84623ace3 ("net: centralize net_device
min/max MTU checking"), the range of mtu is [min_mtu, max_mtu], which
is [68, 1500] by default.

It's necessary to set a max_mtu if a mtu > 1500 is supported.

Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-08-20 13:04:34 +02:00
Koen Vandeputte
705262f4d3 kernel: bump 4.14 to 4.14.65
Refreshed all patches.

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-20 13:04:00 +02:00
Koen Vandeputte
c3be3c0e1d kernel: bump 4.9 to 4.9.122
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-20 13:04:00 +02:00
Jo-Philipp Wich
4b4a6308e7 OpenWrt v18.06.1: revert to branch defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-16 18:36:52 +02:00
Jo-Philipp Wich
70255e3d62 OpenWrt v18.06.1: adjust config defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-16 18:36:48 +02:00
Jo-Philipp Wich
5eb055306f rpcd: update to latest git HEAD
41333ab uci: tighten uci reorder operation error handling
f91751b uci: tighten uci delete operation error handling
c2c612b uci: tighten uci set operation error handling
948bb51 uci: tighten uci add operation error handling
51980c6 uci: reject invalid section and option names

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 8c91807214)
2018-08-16 09:51:15 +02:00
Hauke Mehrtens
e11df1eac6 openssl: update to version 1.0.2p
This fixes the following security problems:
 * CVE-2018-0732: Client DoS due to large DH parameter
 * CVE-2018-0737: Cache timing vulnerability in RSA Key Generation

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-15 22:42:39 +02:00
Hauke Mehrtens
033472e1bd kernel: bump kernel 4.9 to version 4.9.120
The following patch was integrated upstream:
 * target/linux/generic/backport-4.9/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch

This fixes tries to work around the following security problems:
 * CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects
 * CVE-2018-3646 L1 Terminal Fault Virtualization related aspects

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-15 22:42:26 +02:00
Hauke Mehrtens
bfc9a4401b kernel: bump kernel 4.14 to version 4.14.63
The following patches were integrated upstream:
 * target/linux/ipq40xx/patches-4.14/050-0006-mtd-nand-qcom-Add-a-NULL-check-for-devm_kasprintf.patch
 * target/linux/mediatek/patches-4.14/0177-phy-phy-mtk-tphy-use-auto-instead-of-force-to-bypass.patch

This fixes tries to work around the following security problems:
 * CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects
 * CVE-2018-3646 L1 Terminal Fault Virtualization related aspects

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-15 22:40:58 +02:00
Zoltan HERPAI
75e4d2d18c ramips: add missing USB packages into ASL26555-16M
Mirror the package list from the 8M device profile to the
16M device profile.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2018-08-13 15:10:30 +02:00
Paul Wassi
5b1c6570ca brcm47xx: cosmetic fix in model detection
In "brcm47xx: rework model detection" the file 01_detect was moved
to 01_network, therefore also update the warning message in case
everything fails.

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
2018-08-13 08:36:18 +02:00
Hauke Mehrtens
1fe7a17aed ath25: Do not build images for ubnt2 and ubnt5
The flash size of the ubnt2 and ubnt5 is limited and the images with
LuCI are getting too big for these boards. Do not build images for these
boards to make the complete build of this target not fail anymore.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-12 11:32:57 +02:00
Hauke Mehrtens
9cc774f91a at91: do not build image for at91-q5xr5
The kernel image of the at91-q5xr5 is getting too bing now and this is
breaking the build. Remove the image for the at91-q5xr5 from the build
to at least build images for the other devices.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-12 11:31:28 +02:00
Yousong Zhou
508adbd871 uci: bump to source date 2018-08-11
Fixes segfault when parsing malformed delta lines

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit 3493c1cf41)
2018-08-11 12:05:58 +00:00
Kabuli Chana
ec1c66f53f mwlwifi: update to version 10.3.8.0-20180615
fix mcs rate for HT
support 88W8997
protect rxringdone

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
2018-08-11 09:51:16 +02:00
Luis Araneda
9866622d81 tools: findutils: fix compilation with glibc 2.28
Add a temporary workaround to compile with glibc 2.28
as some constants were removed and others made private

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2018-08-10 20:50:45 +02:00
Luis Araneda
c448f79840 tools: m4: fix compilation with glibc 2.28
Add a temporary workaround to compile with glibc 2.28
as some constants were removed and others made private

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2018-08-10 20:50:45 +02:00
Koen Vandeputte
67f91dfa51 kernel: bump 4.14 to 4.14.62
Refreshed all patches.

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-10 18:43:59 +02:00
Koen Vandeputte
e4a5750931 kernel: bump 4.9 to 4.9.119
Refreshed all patches.

Delete upstreamed patch:
- 100-tcp-add-tcp_ooo_try_coalesce-helper.patch

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-10 18:43:59 +02:00
John Crispin
433c94f296 wpa_supplicant: fix CVE-2018-14526
Unauthenticated EAPOL-Key decryption in wpa_supplicant

Published: August 8, 2018
Identifiers:
- CVE-2018-14526
Latest version available from: https://w1.fi/security/2018-1/

Vulnerability

A vulnerability was found in how wpa_supplicant processes EAPOL-Key
frames. It is possible for an attacker to modify the frame in a way that
makes wpa_supplicant decrypt the Key Data field without requiring a
valid MIC value in the frame, i.e., without the frame being
authenticated. This has a potential issue in the case where WPA2/RSN
style of EAPOL-Key construction is used with TKIP negotiated as the
pairwise cipher. It should be noted that WPA2 is not supposed to be used
with TKIP as the pairwise cipher. Instead, CCMP is expected to be used
and with that pairwise cipher, this vulnerability is not applicable in
practice.

When TKIP is negotiated as the pairwise cipher, the EAPOL-Key Key Data
field is encrypted using RC4. This vulnerability allows unauthenticated
EAPOL-Key frames to be processed and due to the RC4 design, this makes
it possible for an attacker to modify the plaintext version of the Key
Data field with bitwise XOR operations without knowing the contents.
This can be used to cause a denial of service attack by modifying
GTK/IGTK on the station (without the attacker learning any of the keys)
which would prevent the station from accepting received group-addressed
frames. Furthermore, this might be abused by making wpa_supplicant act
as a decryption oracle to try to recover some of the Key Data payload
(GTK/IGTK) to get knowledge of the group encryption keys.

Full recovery of the group encryption keys requires multiple attempts
(128 connection attempts per octet) and each attempt results in
disconnection due to a failure to complete the 4-way handshake. These
failures can result in the AP/network getting disabled temporarily or
even permanently (requiring user action to re-enable) which may make it
impractical to perform the attack to recover the keys before the AP has
already changes the group keys. By default, wpa_supplicant is enforcing
at minimum a ten second wait time between each failed connection
attempt, i.e., over 20 minutes waiting to recover each octet while
hostapd AP implementation uses 10 minute default for GTK rekeying when
using TKIP. With such timing behavior, practical attack would need large
number of impacted stations to be trying to connect to the same AP to be
able to recover sufficient information from the GTK to be able to
determine the key before it gets changed.

Vulnerable versions/configurations

All wpa_supplicant versions.

Acknowledgments

Thanks to Mathy Vanhoef of the imec-DistriNet research group of KU
Leuven for discovering and reporting this issue.

Possible mitigation steps

- Remove TKIP as an allowed pairwise cipher in RSN/WPA2 networks. This
can be done also on the AP side.

- Merge the following commits to wpa_supplicant and rebuild:

WPA: Ignore unauthenticated encrypted EAPOL-Key data

This patch is available from https://w1.fi/security/2018-1/

- Update to wpa_supplicant v2.7 or newer, once available

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 1961948585)
2018-08-10 15:51:24 +02:00
Jo-Philipp Wich
2a8d8adfb0 Revert "libevent2: Don't build tests and samples"
This reverts commit fe90d14880.

The cherry pick does not apply cleanly to 18.06.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-09 15:27:52 +02:00
Stijn Tintel
9fe68b4369 kernel: move e1000e patches to backports
They're already in linux.git, so they shouldn't be in pending.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 14b6c72541)
2018-08-09 11:49:56 +02:00
Stijn Tintel
bd451d46a6 kernel: add pending e1000e fixes
The previous round of fixes for the 82574 chip cause an issue with
emulated e1000e devices in VMware ESXi 6.5. It also contains changes
that are not strictly necessary. These patches fix the issues introduced
in the previous series, revert the unnecessary changes to avoid
unforeseen fallout, and avoid a case where interrupts can be missed.

The final two patches of this series are already in the kernel, so no
need to include them here.

Patchwork: https://patchwork.ozlabs.org/cover/881776/

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit ef025e6417)
2018-08-09 11:49:48 +02:00
Zoltan HERPAI
aeec1dd7ba firmware: intel-microcode: bump to 20180703
* New upstream microcode data file 20180703
    + Updated Microcodes:
      sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d, size 18432
      sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714, size 19456
      sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d, size 15360
      sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714, size 17408
      sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d, size 33792
      sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012, size 17408
      sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb00002e, size 28672
      sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x200004d, size 31744
      sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe00000a, size 18432
      sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
    + First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640
    + Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation
    + SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for:
      Sandybridge server, Ivy Bridge server, Haswell server, Skylake server,
      Broadwell server, a few HEDT Core i7/i9 models that are actually gimped
      server dies.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2018-08-09 00:45:39 +02:00
Hauke Mehrtens
8d903be35a curl: Fix CVE-2018-0500
This backports a fix for:
* CVE-2018-0500 SMTP send heap buffer overflow
See here for details: https://curl.haxx.se/docs/adv_2018-70a2.html

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-08 22:51:41 +02:00
Hauke Mehrtens
1e4b5c8b1f ustream-ssl: update to version 2018-05-22
5322f9d mbedtls: Fix setting allowed cipher suites
e8a1469 mbedtls: Add support for a session cache

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-08 22:51:41 +02:00
Hauke Mehrtens
ea22e3df3e mbedtls: Update to 2.12.0
Multiple security fixes
* CVE-2018-0497 Remote plaintext recovery on use of CBC based ciphersuites through a timing side-channel
* CVE-2018-0498 Plaintext recovery on use of CBC based ciphersuites through a cache based side-channel

Disable OFB block mode and XTS block cipher mode, added in 2.11.0.
Disable Chacha20 and Poly1305 cryptographic primitives, added in 2.12.0
Patch the so version back to the original one, the API changes are
looking no so invasive.

The size of mbedtls increased a little bit:
ipkg for mips_24kc before:
163.967 Bytes
ipkg for mips_24kc after:
164.753 Bytes

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-08 22:49:59 +02:00
Hauke Mehrtens
0d5a041095 mbedtls: Activate the session cache
This make sit possible to store informations about a session and reuse
it later. When used by a server it increases the time to create a new
TLS session from about 1 second to less than 0.1 seconds.

The size of the ipkg file increased by about 800 Bytes.
ipkg for mips_24kc before:
163.140 Bytes
ipkg for mips_24kc after:
163.967 Bytes

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-08 22:49:17 +02:00
Daniel Engberg
69c75f076a mbedtls: cleanup config patch
Clean up patch, use "//" consistently.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-08 21:34:20 +02:00
Hauke Mehrtens
6603a0c232 mbedtls: Deactivate platform abstraction
This makes mbedtls use the POSIX API directly and not use the own
abstraction layer.
The size of the ipkg decreased by about 100 bytes.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-08 21:32:26 +02:00
Jo-Philipp Wich
ae1ae07513 kernel: remove stray 4.4 references
The 4.4 version hash was accidentally reintroduced while rebasing the
master commit, remove it again.

Fixes ca3174e4e9 ("kernel: bump 4.9 to 4.9.118")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-08 19:32:48 +02:00
Jo-Philipp Wich
fb5f026160 kernel: backport upstream fix for CVE-2018-5390
Backport an upstream fix for a remotely exploitable TCP denial of service
flaw in Linux 4.9+.

The fixes are included in Linux 4.14.59 and later but did not yet end up in
version 4.9.118.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit fefe1da440)
2018-08-08 16:35:19 +02:00
Koen Vandeputte
16d89ef291 kernel: bump 4.14 to 4.14.61
Refreshed all patches.

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(backported from commit 7a254aeeb8)
2018-08-08 16:35:19 +02:00
Koen Vandeputte
ca3174e4e9 kernel: bump 4.9 to 4.9.118
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(backported from commit f7036a34ac)
2018-08-08 16:35:19 +02:00
John Crispin
0990dfc9ce Revert "kernel: usb: dwc2 DMA alignment fixes"
This reverts commit 1e5bd42d63.

this has already treacled down with the latest kernel bump

Signed-off-by: John Crispin <john@phrozen.org>
2018-08-08 16:31:14 +02:00
John Crispin
be4ab7e178 brcm2708: fix w1 patch
this is now part of generic

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 5f5d812881)
2018-08-08 15:42:22 +02:00
John Crispin
6a27c2f4b1 base-files: drop fwtool_pre_upgrade
this feature has never worked, the fw image name was not passed and the -t
parameter was missing in the tool invocation. drop the feature.

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 5e1b4c57de)
2018-08-08 15:42:06 +02:00